Commit Graph

2456 Commits

Author SHA1 Message Date
Brad Davidson
84baab59a9 Promote v1.23.8+k3s2 to stable
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-07-12 01:04:33 -07:00
Derek Nola
86fc940759
Replace dapper testing with regular docker (#5805)
* Replace dapper mod test with regular docker

Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-07-08 13:01:12 -07:00
Brad Davidson
d2089872bb Fix issue with containerd stats missing from cadvisor metrics
cadvisor still doesn't pull stats via CRI yet, so we have to continue to use the deprecated arg.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-07-08 11:03:02 -07:00
Brad Davidson
7dc78d2cee Bump runc version to v1.1.3
Includes fix for ENOSYS/EPERM issue on s390x.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-07-07 12:23:34 -07:00
Brad Davidson
afee83dda2 Bump remotedialer
Includes fix for recently identified memory leak.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-07-07 12:22:37 -07:00
Brad Davidson
a237260237 Bump kine to v0.9.3
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-07-01 00:08:15 -07:00
Brad Davidson
961c8274a9 Don't crash when service IPFamiliyPolicy is not set
Service.Spec.IPFamilyPolicy may be a nil pointer on freshly upgraded clusters.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-07-01 00:07:50 -07:00
Brad Davidson
ff6c233e41 Fix egress selector proxy/bind-address support
Use same kubelet-preferred-address-types setting as RKE2 to improve reliability of the egress selector when using a HTTP proxy. Also, use BindAddressOrLoopback to ensure that the correct supervisor address is used when --bind-address is set.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-07-01 00:07:35 -07:00
Brad Davidson
4f4cf18fb6 Add tests for down-level etcd join
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-30 11:57:41 -07:00
Brad Davidson
96162c07c5 Handle egress-selector-mode change during upgrade
Properly handle unset egress-selector-mode from existing servers during cluster upgrade.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-30 11:57:41 -07:00
Nikolai Shields
9345bd05d1
Merge pull request #5774 from nikolaishields/june-update-channel-server
Mark v1.23.8+k3s1 to stable
2022-06-28 16:41:35 -05:00
Derek Nola
918a5dc559
Remove go-powershell dead dependency (#5777)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-06-28 14:24:49 -07:00
Devin Buhl
bf9fafc8af
add 1.24 release channel (#5742)
Signed-off-by: Devin Buhl <devin@buhl.casa>
2022-06-28 09:43:31 -07:00
Nikolai Shields
64d420a74c
Mark v1.23.8+k3s1 to stable
Signed-off-by: Nikolai Shields <nikolai@nikolaishields.com>
2022-06-28 09:33:57 -05:00
Nikolai Shields
b0ed134855
Merge pull request #5749 from nikolaishields/v1.24.2-k3s1
Update to v1.24.2
2022-06-22 11:23:06 -05:00
Nikolai Shields
61b714b2dd
Update to v1.24.2
Signed-off-by: Nikolai Shields <nikolai@nikolaishields.com>
2022-06-21 15:04:30 -05:00
Brad Davidson
a5414bb1fc Bump helm-controller
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-16 12:28:13 -07:00
Olli Janatuinen
2968a83bc0 containerd: Enable enable_unprivileged_ports and enable_unprivileged_icmp by default
Signed-off-by: Olli Janatuinen <olli.janatuinen@gmail.com>
2022-06-15 14:49:51 -07:00
Venkata Krishna Rohit Sakala
31b8224f2a Enable compact tests for k3s s390x
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
2022-06-15 12:24:15 -07:00
Brad Davidson
6fad63583b Only listen on loopback when resetting
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-15 11:25:54 -07:00
Brad Davidson
3399afed83 Ensure that CONTAINERD_ variables are not shadowed by later entries
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-15 10:58:12 -07:00
Brad Davidson
fb0a342a20 Sanitize filenames for use in configmap keys
If the user points S3 backups at a bucket containing other files, those
file names may not be valid configmap keys.

For example, RKE1 generates backup files with names like
`s3-c-zrjnb-rs-6hxpk_2022-05-05T12:05:15Z.zip`; the semicolons in the
timestamp portion of the name are not allowed for use in configmap keys.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-15 10:54:26 -07:00
Brad Davidson
06e40ec6e7 Disable urfave markdown/man docs generation
From https://github.com/urfave/cli/pull/1383 :
> This removes the resulting binary dependency on cpuguy83/md2man and
> russross/blackfriday (and a few more packages imported by those),
> which saves more than 400 KB (more than 300 KB
> once stripped) from the resulting binary.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-15 10:53:42 -07:00
Derek Nola
a9b5a1933f
Delay service readiness until after startuphooks have finished (#5649)
* Move startup hooks wg into a runtime pointer, check before notifying systemd
* Switch default systemd notification to server
* Add 1 sec delay to allow etcd to write to disk
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-06-15 09:00:52 -07:00
ShylajaDevadiga
97c69546c5
add arm tests and upgrade tests (#5526)
Signed-off-by: Shylaja Devadiga <shylaja@rancher.com>
2022-06-15 08:55:05 -07:00
Roberto Bonafiglia
a693071c74
Merge pull request #5552 from sjoerdsimons/sjoerd/flannel-wireguard-mode
Add cli flag for flannel wireguard mode
2022-06-15 14:28:21 +02:00
Derek Nola
3f9010683e
Add alternate scripts location (#5692)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-06-14 17:50:11 -07:00
Darren Shepherd
e6009b1edf Introduce servicelb-namespace parameter
This parameter controls which namespace the klipper-lb pods will be create.
It defaults to kube-system so that k3s does not by default create a new
namespace. It can be changed if users wish to isolate the pods and apply
some policy to them.

Signed-off-by: Darren Shepherd <darren@acorn.io>
2022-06-14 15:48:58 -07:00
Darren Shepherd
f4cc1b8788 Move all klipper-lb daemonset to common namespace for PodSecurity
The baseline PodSecurity profile will reject klipper-lb pods from running.
Since klipper-lb pods are put in the same namespace as the Service this
means users can not use PodSecurity baseline profile in combination with
the k3s servicelb.

The solution is to move all klipper-lb pods to a klipper-lb-system where
the security policy of the klipper-lb pods can be different an uniformly
managed.

Signed-off-by: Darren Shepherd <darren@acorn.io>
2022-06-14 15:48:58 -07:00
Derek Nola
12695cea15
E2E: Dualstack test (#5617)
* E2E dualstack test
* Improve testing documentation

Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-06-14 08:40:29 -07:00
Manuel Buil
d4522de06a
Merge pull request #5656 from manuelbuil/AddFlannelCniConfFile
Add FlannelCNIConf flag
2022-06-14 10:23:51 +02:00
Manuel Buil
443b23e22f
Merge pull request #5644 from manuelbuil/ipvs-interface
Remove kube-ipvs0 interface when cleaning up
2022-06-14 10:12:18 +02:00
Igor
2999289e68
add support for pprof server (#5527)
Signed-off-by: igor <igor@igor.io>
2022-06-13 22:06:55 -07:00
Guilherme Macedo
763a8bc8fe
Update security email contact (#5607)
Signed-off-by: Guilherme Macedo <guilherme.macedo@suse.com>
2022-06-13 14:58:06 -07:00
Derek Nola
efab09bc1f
E2E Improvements and groundwork for test-pad tool (#5593)
* Add rancher install sript, taints to cp/etcd roles
* Revert back to generic/ubuntu2004, libvirt networking is unreliable on opensuse
* Added support for alpine
* Rancher deployment script
* Refactor installType into function
* Cleanup splitserver test
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-06-13 13:36:26 -07:00
Derek Nola
168b14b08e
Integration Test: Startup (#5630)
* New startup integration test
* Add testing section to PR template
* Move helper functions to direct k8s client calls

Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-06-13 13:32:13 -07:00
Brad Davidson
0581808f5c Set default egress-selector-mode to agent
... until QA flakes can be addressed.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-10 10:14:15 -07:00
Brad Davidson
b550e1183a Remove control-plane egress context and fix agent mode.
The control-plane context handles requests outside the cluster and
should not be sent to the proxy.

In agent mode, we don't watch pods and just direct-dial any request for
a non-node address, which is the original behavior.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-10 10:14:15 -07:00
Brad Davidson
d3242bea3c Refactor egress-selector pods mode to watch pods
Watching pods appears to be the most reliable way to ensure that the
proxy routes and authorizes connections.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-08 09:34:53 -07:00
Manuel Buil
c705d34804 Add FlannelConfCNI flag
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-06-08 11:03:17 +02:00
Brad Davidson
c00f953ef9 Bump containerd and runc
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-07 13:11:07 -07:00
Sjoerd Simons
8643576985 Add ability to pass configuration options to flannel backend
Allow the flannel backend to be specified as
backend=option=val,option2=val2 to select a given backend with extra options.

In particular this adds the following options to wireguard-native
backend:
* Mode - flannel wireguard tunnel mode
* PersistentKeepaliveInterval- wireguard persistent keepalive interval

Signed-off-by: Sjoerd Simons <sjoerd@collabora.com>
2022-06-07 20:13:28 +02:00
Sjoerd Simons
99cc672d9a Bump flannel to v0.18.1
Signed-off-by: Sjoerd Simons <sjoerd@collabora.com>
2022-06-07 20:13:18 +02:00
Derek Nola
f491802b44
Update flaky tests for v1.24 (#5625)
* Update flaky tests for v1.24
* Consolidate flaky-test regex into file
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-06-07 09:37:13 -07:00
Manuel Buil
699ae80de0 Remove kube-ipvs0 interface when cleaning up
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-06-06 12:14:06 +02:00
Brad Davidson
491aa11e10 Revert "Give kubelet the node-ip value (#5579)"
This reverts commit aa9065749c.

Setting dual-stack node-ip does not work when --cloud-provider is set
to anything, including 'external'. Just set node-ip to the first IP, and
let the cloud provider add the other address.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-02 17:36:55 -07:00
Brad Davidson
29397b4e68 Re-add --cloud-provider=external kubelet arg
The cloud-provider arg is deprecated and cannot be set to anything other than external, but must still be used or node addresses are not set properly.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-01 14:23:53 -07:00
Hussein Galal
a5a0e8fde2
Update to v1.24.1 (#5616)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2022-05-26 18:09:02 +02:00
Brad Davidson
1ef34728c9 Bump dynamiclistener to v0.3.3
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-05-20 14:17:26 -07:00
Jacob Blain Christen
394ac71076
remove dweomer from maintainers (#5582)
resigning from rancher
2022-05-19 10:19:57 -07:00